rfc1786.txt
来自「RFC 的详细文档!」· 文本 代码 · 共 1,943 行 · 第 1/5 页
TXT
1,943 行
special cases like "type of service" routing, load sharing and
Bates, et al. [Page 7]
RFC 1786 Representing IP Routing Policies in a RR March 1995
routing instabilities).
In a concrete example AS Z might be connected to the outside world by
two links. AS Z wishes to reserve these links for different kinds of
traffic, let's call them black and white traffic. For this purpose
the management of AS Z keeps two lists of ASes, the black and the
white list. Together these lists comprise all ASes in the world
reachable from AS Z.
"W"
<--->
... AS Z .... NET 3
<--->
"B"
It is quite possible to implement the policy for traffic originating
in AS Z: AS Z will only accept announcements for networks in white
ASes on the white link and will only accept announcements for
networks in black ASes on the black link. This causes traffic from
networks within AS Z towards white ASes to use the white link and
likewise traffic for black ASes to use the black link.
Note that this way of implementing things makes it necessary to
decide on the colour of each new AS which appears before traffic can
be sent to it from AS Z. A way around this would be to accept only
white announcements via the white link and to accept all but white
announcements on the black link. That way traffic from new ASes
would automatically be sent down the black link and AS Z management
would only need to keep the list of white ASes rather than two lists.
Now for the unimplementable part of the policy. This concerns
traffic towards AS Z. Consider the following topology:
B AS ---) "W"
W AS ---) --->
B AS ---)>> AS A ---> ... AS Z .... NET 3
B AS ---) --->
W AS ---) "B"
As seen from AS Z there are both black and white ASes "behind" AS A.
Since ASes can make routing decisions based on destination only, AS A
and all ASes between AS A and the two links connecting AS Z can only
make the same decision for traffic directed at a network in AS Z, say
NET 3. This means that traffic from both black and white ASes
towards NET 3 will follow the same route once it passes through AS A.
This will either be the black or the white route depending on the
routing policies of AS A and all ASes between it and AS Z.
Bates, et al. [Page 8]
RFC 1786 Representing IP Routing Policies in a RR March 1995
The important thing to note is that unless routing and forwarding
decisions can be made based on both source and destination addresses,
policies like the "black and white" example cannot be implemented in
general because "once joined means joined forever".
Access Policies
Access policies contrary to routing policies are not necessarily
defined in terms of ASes. The very simplest type of access policy is
to block packets from a specific network S from being forwarded to
another network D. A common example is when some inappropriate use of
resources on network D has been made from network S and the problem
has not been resolved yet. Other examples of access policies might be
resources only accessible to networks belonging to a particular
disciplinary group or community of interest. While most of these
policies are better implemented at the host or application level,
network level access policies do exist and are a source of
connectivity problems which are sometimes hard to diagnose. Therefore
they should also be documented in the routing registry according to
similar requirements as outlined above.
Routing vs. Allocation information
The RIPE database contains both routing registry and address space
allocation registry information. In the past the database schema
combined this information. Because RIPE was tasked with running both
an allocation and routing registry it seemed natural to initially
combine these functions. However, experience has shown that a clear
separation of routing information from allocation is desirable. Often
the maintainer of the routing information is not the same as the
maintainer of the allocation information. Moreover, in other parts
of the world there are different registries for each kind of
information.
Whilst the actual routing policy objects will be introduced in the
next section it is worthy of note that a transition from the current
objects will be required. Appendix G details the basic steps of such
a transition.
This split in information represents a significant change in the
representational model of the RIPE database. Appendix F expands on
the reasons for this a little more.
Bates, et al. [Page 9]
RFC 1786 Representing IP Routing Policies in a RR March 1995
Tools
The network operators will need a series of tools for policy routing.
Some tools are already available to perform some of the tasks. Most
notably, the PRIDE tools [3] from the PRIDE project started in
September 1993 as well as others produced by Merit Inc [4] and CERN
[5].
These tools will enable them to use the routing policy stored in the
RIPE routing registry to perform such tasks as check actual routing
against policies defined, ensure consistency of policies set by
different operators, and simulate the effects of policy changes.
Work continues on producing more useful tools to service the Internet
community.
Bates, et al. [Page 10]
RFC 1786 Representing IP Routing Policies in a RR March 1995
4. The Routing Registry and the RIPE Database
One of the activities of RIPE is to maintain a database of European
IP networks, DNS domains and their contact persons along with various
other kinds of network management information. The database content
is public and can be queried using the whois protocol as well as
retrieved as a whole. This supports NICs/NOCs all over Europe and
beyond to perform their respective tasks.
The RIPE database combines both allocation registry and routing
registry functions. The RIPE allocation registry contains data about
address space allocated to specific enterprises and/or delegated to
local registries as well as data about the domain name space. The
allocation registry is described in separate documents [6,7] and
outside the scope of this document.
Database Objects
Each object in the database describes a single entity in the real
world. This basic principle means that information about that
entity should only be represented in the corresponding
database object and not be repeated in other objects. The whois
service can automatically display referenced objects where
appropriate.
The types of objects stored in the RIPE database are summarized in
the table below:
R Object Describes References
____________________________________________________________________
B person contact persons
A inetnum IP address space person
A domain DNS domain person
R aut-num autonomous system person
(aut-num,community)
R as-macro a group of autonomous systems person, aut-num
R community community person
R route a route being announced aut-num, community
R clns CLNS address space and routing person
The first column indicates whether the object is part of the
allocation registry (A), the routing registry (R) or both (B). The
Bates, et al. [Page 11]
RFC 1786 Representing IP Routing Policies in a RR March 1995
last column indicates the types of objects referenced by the
particular type of object. It can be seen that almost all objects
reference contact persons.
Objects are described by attributes value pairs, one per line.
Objects are separated by empty lines. An attribute that consists of
multiple lines should have the attribute name repeated on
consecutive lines. The information stored about network 192.87.45.0
consists of three objects, one inetnum object and two person
objects and looks like this:
Bates, et al. [Page 12]
RFC 1786 Representing IP Routing Policies in a RR March 1995
inetnum: 192.87.45.0
netname: RIPE-NCC
descr: RIPE Network Coordination Centre
descr: Amsterdam, Netherlands
country: NL
admin-c: Daniel Karrenberg
tech-c: Marten Terpstra
rev-srv: ns.ripe.net
rev-srv: ns.eu.net
notify: ops@ripe.net
changed: tony@ripe.net 940110
source: RIPE
person: Daniel Karrenberg
address: RIPE Network Coordination Centre (NCC)
address: Kruislaan 409
address: NL-1098 SJ Amsterdam
address: Netherlands
phone: +31 20 592 5065
fax-no: +31 20 592 5090
e-mail: dfk@ripe.net
nic-hdl: DK58
changed: ripe-dbm@ripe.net 920826
source: RIPE
person: Marten Terpstra
address: RIPE Network Coordination Centre (NCC)
address: PRIDE Project
address: Kruislaan 409
address: NL-1098 SJ Amsterdam
address: Netherlands
phone: +31 20 592 5064
fax-no: +31 20 592 5090
e-mail: Marten.Terpstra@ripe.net
nic-hdl: MT2
notify: marten@ripe.net
changed: marten@ripe.net 931230
source: RIPE
Objects are stored and retrieved in this tag/value format. The RIPE
NCC does not provide differently formatted reports because any
desired format can easily be produced from this generic one.
Bates, et al. [Page 13]
RFC 1786 Representing IP Routing Policies in a RR March 1995
Routing Registry Objects
The main objects comprising the routing registry are "aut-num" and
"route", describing an autonomous system and a route respectively. It
should be noted that routes not described in the routing registry
should never be routed in the Internet itself.
The autonomous system (aut-num) object provides contact information
for the AS and describes the routing policy of that AS. The routing
policy is described by enumerating all neighboring ASes with which
routing information is exchanged. For each neighbor the routing
policy is described in terms of exactly what is being sent
(announced) and allowed in (accepted). It is important to note that
this is exactly the part of the global policy over which an AS has
direct control. Thus each aut-num object describes what can indeed be
implemented and enforced locally by the AS concerned. Combined
together all the aut-num objects provide the global routing graph and
permit to deduce the exact routing policy between any two ASes.
While the aut-num objects describe how routing information is
propagated, the route object describes a single route injected into
the external routing mesh. The route object references the AS
injecting (originating) the route and thereby indirectly provides
contact information for the originating AS. This reference also
provides the primary way of grouping routes into larger collections.
This is necessary because describing routing policy on the level of
single routes would be awkward to impractical given the number of
routes in the Internet which is about 20,000 at the time of this
writing. Thus routing policy is most often defined for groups of
routes by originating AS. This method of grouping is well supported
by current exterior routing protocols. The route object also
references community objects described below to provide another
method of grouping routes. Modification of aut-num object itself and
the referencing by route objects is strictly protected to provide
network operators control over the routing policy description and the
routes originated by their ASes.
Sometimes even keeping track of groups of routes at the AS level is
cumbersome. Consider the case of policies described at the transit
provider level which apply transitively to all customers of the
transit provider. Therefore another level of grouping is provided by
the as-macro object which provides groups of ASes which can be
referenced in routing policies just like single ASes. Membership of
as-macro groups is also strictly controlled.
⌨️ 快捷键说明
复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?